Deployment with Kandji
This guide will cover the necessary steps to deploy the SenseOn Universal Sensor to macOS devices using Kandji.
Full Disk Access
The SenseOn Endpoint agent requires Full Disk Access to operate. To give the agent full disk access we need to:
Download the file named: SEE-FDA.mobileconfig. Click here to download SEE-FDA.mobileconfig and follow the following steps.
- Login to Kandji and navigate to Library > Add New
- Click Custom profile and click “Add & Configure”
- Give the Profile a name such as “SenseOn Full Disk Access”
- Select the Blueprint(s) you want to deploy to.
- Under Device families select only “Mac”
- Upload the SEE-FDA.mobileconfig file
- Click Save
Add Package to Kandji
- Download the latest .pkg file and senseon_install.txt file from the SenseOn Platform from Settings > Endpoint Agent Software
- Login to Kandji and navigate to Library > Add New
- Select Custom Apps and click “Add & Configure”
- Give the Profile a name such as “SenseOn Agent Version X”
- Select the Blueprint(s) you want to deploy to
- Add any rules you require (e.g. Chip type set to Apple Silicon)
- Set the Installation to “Install once per device”
- Select the “Installer Package” radio button
- Click “Add Preinstall Script“
- Paste the in script below and replace the second line with the contents of the senseon_install.txt file downloaded earlier
cat > /tmp/senseon_install.txt << 'EOF' <PASTE CONTENTS OF install_key.txt HERE> EOF
Verify Rollout
Alerting can be put in place to check if the agent is deployed to devices and to check the status of those that have it installed.
- Login to Kandji and navigate to Library > Add New
- Select Custom Scripts and click “Add & Configure”
- Give the Profile a name such as “Check SEE status”
- Select the Blueprint(s) you want to deploy to
- Set the Execution Frequency to match your needs. (E.g. Run Daily)
- Add the script below into the Audit Script Box
sudo /usr/local/bin/seectl status - Click Save